At present, corporate networks make wide use of application control solutions, particularly those that control the launching and running of applications. Such solutions make it easier for the administrator, or any other specialist responsible for network security, to control which applications are used and launched on the computers of the network. With the help of application control, the administrator can, for example, determine which applications can be launched and which cannot, and which exceptions apply in either case. Modern application control systems have a flexible toolkit for forming rules that control access to the objects of operating systems (OS), including application files: access may be decided either on the basis of lists of forbidden and permitted applications, or on the basis of more complicated access rules which take into account different attributes of both the access itself, such as the access token, and the object to which said access occurs.
However, a number of features of later versions of Windows OS, such as version 10, dictate the architecture of application control systems. Certain information which the application control system uses to search for the access rules regulating access to a certain object, and to decide whether to grant access to that object (for the application control systems of Kaspersky Lab, for example, such information might be information on the electronic digital signature, EDS), is not accessible to components of the application control system which run in kernel mode, while a number of other components, such as those intercepting access to objects of the operating system, need to work in kernel mode. Switching between user mode and kernel mode during the operation of the application control system is a costly operation that requires a lot of time (as compared to execution without switching).
Accordingly, there is a need to improve application access control systems.